Ѿ·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,PIDǣ1736,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7D6D.tmp,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\taskmgr.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\taskmgr.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\tskmgr.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\tskmgr.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\tskmgr.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0xe000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר.*,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר\DESKTOP.INI,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\DESKTOP.INI,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x36,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר\DESKTOP.INI,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\DESKTOP.INI,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x36,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר\DESKTOP.INI,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\DESKTOP.INI,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x36,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣPersonal,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\My Documents,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Documents,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\All Users,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\All Users\Documents,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣDesktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E},ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.pif,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.pif,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.pif,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר\MS-DOS.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר\MS-DOS.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\MS-DOS.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\\ר\MS-DOS.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E},ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\Fonts\Fonts.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\Fonts.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\Fonts.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\Fonts.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\Fonts.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\PCHEALTH\Global.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\PCHEALTH\Global.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\PCHEALTH\Global.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\PCHEALTH\Global.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\PCHEALTH\Global.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Global.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Global.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Global.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Global.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Global.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\svchost.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\svchost.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\svchost.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\svchost.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\svchost.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system\KEYBOARD.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system\KEYBOARD.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system\KEYBOARD.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system\KEYBOARD.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system\KEYBOARD.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Default.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Default.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Default.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Default.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\Default.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\regedit.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\regedit.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\regedit.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\regedit.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\regedit.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\Fonts\tskmgr.exe,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\tskmgr.exe,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\tskmgr.exe,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\tskmgr.exe,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Fonts\tskmgr.exe,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Media\rndll32.pif,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Media\rndll32.pif,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Media\rndll32.pif,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Media\rndll32.pif,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
дļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,д·ǣC:\WINDOWS\Cursors\Boom.vbs,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1104,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Desktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\All Users,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\Documents and Settings\All Users\,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache,ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ǣREG_SZ,ֵǣGlobal,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0xc8,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x110,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļαλǣ(λ)0x124,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,PIDΪ288,·ǣ"C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8DE8.tmp,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\1.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\System\1.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\1.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31160,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32160,(λ)0x0,ȡǣ0xca0,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31170,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32170,(λ)0x0,ȡǣ0xc90,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x200,ɹ־ǣɹ
̣߳PIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,TIDΪ1692,ʼַǣ0x765e964d,ַǣ0x177100,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\zh-cn\wshext.dll.mui,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\cmd.exe,ɹ־ɹ
ӽ,PIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,PIDΪ1796,·ǣ"C:\WINDOWS\1.bat"  Ľ,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1796,·ǣ\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.pif,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.pif,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x35f8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.pif,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.dll,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.com,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.com,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.com,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x4b0,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xb,(λ)0x0,ȡǣ0x4a5,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41,(λ)0x0,ȡǣ0x46f,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x8b,(λ)0x0,ȡǣ0x425,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc1,(λ)0x0,ȡǣ0x3ef,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ600,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_EXPAND_SZ,ֵǣ%SystemRoot%\system32\mmc.exe "%1" %*,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣregedit.exe "%1",ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ӽ,PIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1816,·ǣarp -d Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System,ɹ־ǣɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ɹ־ǣɹ
ֵעPIDǣ1816,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc9,(λ)0x0,ȡǣ0x3e7,ɹ־ǣɹ
½עPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xe3,(λ)0x0,ȡǣ0x3cd,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x10b,(λ)0x0,ȡǣ0x3a5,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.BAT,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.CMD,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JSE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSF,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSH,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1824,·ǣipconfig /all  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
̣߳PIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,TIDΪ1852,ʼַǣ0x77dc848a,ַǣ0x0,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\netshell.dll,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\tapi32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7D6D.tmp,ɹ־ɹ
ɾļPIDǣ1736,·ǣC:\Documents and Settings\Administrator\\ר\MS-DOS.com,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7D6D.tmpļ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣc:\windows\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣc:\windows\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
дļPIDǣ1824,·ǣC:\WINDOWS\system32\ipconfig.exe,д·ǣC:\Documents and Settings\Administrator\\ר\ipconfig.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x369,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣPersonal,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\My Documents,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Documents,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\All Users,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\All Users\Documents,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣDesktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Desktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\All Users,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\Documents and Settings\All Users\,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
½עPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache,ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ǣREG_SZ,ֵǣsvchost,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0xc8,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x110,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x124,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ӽ,PIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,PIDΪ1884,·ǣ"C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x128,(λ)0x0,ȡǣ0x388,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DFAFB8.tmp,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x14e,(λ)0x0,ȡǣ0x362,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
子进程,PID是:1796,路径是:C:\WINDOWS\system32\cmd.exe,PID为1900,路径是:find "Physical Address" ipconfig.txt  的进程,状态为,成功标志是:成功
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1900,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
写文件,PID是:1900,路径是:C:\WINDOWS\system32\find.exe,写入路径是:C:\Documents and Settings\Administrator\\ר\phyaddr.txt,文件游标位置是:(低位)0x0,(高位)0x0,写入长度是:0x1b,成功标志是:成功
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
写文件,PID是:1900,路径是:C:\WINDOWS\system32\find.exe,写入路径是:C:\Documents and Settings\Administrator\\ר\phyaddr.txt,文件游标位置是:(低位)0x1b,(高位)0x0,写入长度是:0x28,成功标志是:成功
写文件,PID是:1900,路径是:C:\WINDOWS\system32\find.exe,写入路径是:C:\Documents and Settings\Administrator\\ר\phyaddr.txt,文件游标位置是:(低位)0x43,(高位)0x0,写入长度是:0x18,成功标志是:成功
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x181,(λ)0x0,ȡǣ0x32f,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5b,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1c0,(λ)0x0,ȡǣ0x2f0,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1d9,(λ)0x0,ȡǣ0x2d7,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1fd,(λ)0x0,ȡǣ0x2b3,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
子进程,PID是:1796,路径是:C:\WINDOWS\system32\cmd.exe,PID为1880,路径是:find "IP Address" ipconfig.txt  的进程,状态为,成功标志是:成功
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\1.*,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\System\1.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.*,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
дļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
дļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
дļPIDǣ1880,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x12,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x229,(λ)0x0,ȡǣ0x287,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x55,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x266,(λ)0x0,ȡǣ0x24a,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x288,(λ)0x0,ȡǣ0x228,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1584,·ǣarp -s 192.168.0.8 00-E0-4C-05-49-11 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x29b,(λ)0x0,ȡǣ0x215,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2b2,(λ)0x0,ȡǣ0x1fe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31160,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2d6,(λ)0x0,ȡǣ0x1da,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32160,(λ)0x0,ȡǣ0xca0,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1936,·ǣfind "Default Gateway" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ1936,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x307,(λ)0x0,ȡǣ0x1a9,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x57,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x348,(λ)0x0,ȡǣ0x168,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x362,(λ)0x0,ȡǣ0x14e,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31170,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32170,(λ)0x0,ȡǣ0xc90,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x200,ɹ־ǣɹ
创建子进程,PID是：1796,路径是：C:\WINDOWS\system32\cmd.exe,PID为1888,路径是：ping 192.168.0.254 -n 1 的进程,状态为,成功标志是：成功
̣߳PIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,TIDΪ1896,ʼַǣ0x765e964d,ַǣ0x176e20,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\zh-cn\wshext.dll.mui,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1888,·ǣ\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ȡļ·ǣC:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x33d6,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\cmd.exe,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
创建子进程,PID是：1884,路径是：C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,PID为1644,路径是："C:\WINDOWS\1.bat"  的进程,状态为,成功标志是：成功
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ1644,·ǣ\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x35f8,ɹ־ǣɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.pif,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.pif,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.pif,ɹ־ɹ
ֵעPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1888,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.com,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.com,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.com,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x37b,(λ)0x0,ȡǣ0x135,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x4b0,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x395,(λ)0x0,ȡǣ0x11b,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xb,(λ)0x0,ȡǣ0x4a5,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41,(λ)0x0,ȡǣ0x46f,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3bb,(λ)0x0,ȡǣ0xf5,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x8b,(λ)0x0,ȡǣ0x425,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc1,(λ)0x0,ȡǣ0x3ef,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
创建子进程,PID是：1796,路径是：C:\WINDOWS\system32\cmd.exe,PID为876,路径是：arp -a 192.168.0.254  的进程,状态为,成功标志是：成功
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
创建子进程,PID是：1644,路径是：C:\WINDOWS\system32\cmd.exe,PID为2004,路径是：arp -d 的进程,状态为,成功标志是：成功
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ876,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ2004,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
写文件PID是：876,路径是：C:\WINDOWS\system32\arp.exe,写入路径是：C:\Documents and Settings\Administrator\\ר\GateMac.txt,文件游标位置是：(低位)0x0,(高位)0x0,写入长度是：0x90,成功标志是：成功
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc9,(λ)0x0,ȡǣ0x3e7,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3d9,(λ)0x0,ȡǣ0xd7,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xe3,(λ)0x0,ȡǣ0x3cd,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3db,(λ)0x0,ȡǣ0xd5,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ɾļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txtļ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3dd,(λ)0x0,ȡǣ0xd3,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x10b,(λ)0x0,ȡǣ0x3a5,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x90,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.COM,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.BAT,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.CMD,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41f,(λ)0x0,ȡǣ0x91,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JSE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSF,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSH,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x439,(λ)0x0,ȡǣ0x77,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1424,·ǣipconfig /all  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0xc8,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ӽ,PIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ324,·ǣarp -s 192.168.0.254 00-07-e9-0a-14-28 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x110,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
̣߳PIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,TIDΪ332,ʼַǣ0x77dc848a,ַǣ0x0,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\netshell.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļαλǣ(λ)0x124,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\tapi32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ӽ,PIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,PIDΪ280,·ǣ"C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ324,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE8D6.tmp,ɹ־ɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x454,(λ)0x0,ȡǣ0x5c,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
дļPIDǣ1424,·ǣC:\WINDOWS\system32\ipconfig.exe,д·ǣC:\Documents and Settings\Administrator\\ר\ipconfig.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x369,ɹ־ǣɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
ɾļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txtļ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x128,(λ)0x0,ȡǣ0x388,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
дļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x464,(λ)0x0,ȡǣ0x4c,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ɾļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txtļ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ɾļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txtļ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x14e,(λ)0x0,ȡǣ0x362,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x475,(λ)0x0,ȡǣ0x3b,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ɾļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txtļ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x485,(λ)0x0,ȡǣ0x2b,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ɾļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txtļ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x497,(λ)0x0,ȡǣ0x19,ɹ־ǣɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ456,·ǣfind "Physical Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1796,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x4a8,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣPersonal,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\My Documents,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\My Documents,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x181,(λ)0x0,ȡǣ0x32f,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x0,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\My Documents\desktop.ini,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\Administrator\My Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x54,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Documents,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\Documents,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\All Users,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1c0,(λ)0x0,ȡǣ0x2f0,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\All Users\Documents,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\All Users\Documents\desktop.ini,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\Documents and Settings\All Users\Documents\desktop.ini,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x3e,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣDesktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1d9,(λ)0x0,ȡǣ0x2d7,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCommon Desktop,ԭǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ǣREG_SZ,ֵǣC:\Documents and Settings\All Users\,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\All Users,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\All Users\,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1fd,(λ)0x0,ȡǣ0x2b3,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
½עPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache,ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ǣREG_SZ,ֵǣsystem,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0xc8,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x110,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x124,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\1.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\System\1.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ540,·ǣfind "IP Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ӽ,PIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,PIDΪ560,·ǣ"C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DFFD36.tmp,ɹ־ɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ540,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x229,(λ)0x0,ȡǣ0x287,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x0,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x266,(λ)0x0,ȡǣ0x24a,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x288,(λ)0x0,ȡǣ0x228,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ568,·ǣarp -s   Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ568,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x29b,(λ)0x0,ȡǣ0x215,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2b2,(λ)0x0,ȡǣ0x1fe,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2d6,(λ)0x0,ȡǣ0x1da,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31160,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32160,(λ)0x0,ȡǣ0xca0,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ576,·ǣfind "Default Gateway" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\1.*,ɹ־ɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\System\1.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.*,ɹ־ɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ576,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x307,(λ)0x0,ȡǣ0x1a9,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x0,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x348,(λ)0x0,ȡǣ0x168,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x362,(λ)0x0,ȡǣ0x14e,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ596,·ǣping 192.168.0.254 -n 1 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ596,·ǣ\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ȡļ·ǣC:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x33d6,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31170,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32170,(λ)0x0,ȡǣ0xc90,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x200,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
̣߳PIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,TIDΪ1264,ʼַǣ0x765e964d,ַǣ0x176e00,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ596,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\zh-cn\wshext.dll.mui,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x37b,(λ)0x0,ȡǣ0x135,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\cmd.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,PIDΪ384,·ǣ"C:\WINDOWS\1.bat"  Ľ,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x395,(λ)0x0,ȡǣ0x11b,ɹ־ǣɹ
ļPIDǣ384,·ǣ\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x35f8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.pif,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.pif,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.pif,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3bb,(λ)0x0,ȡǣ0xf5,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.com,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.com,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.com,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x4b0,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31160,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32160,(λ)0x0,ȡǣ0xca0,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xb,(λ)0x0,ȡǣ0x4a5,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41,(λ)0x0,ȡǣ0x46f,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ584,·ǣarp -a   Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x8b,(λ)0x0,ȡǣ0x425,ɹ־ǣɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc1,(λ)0x0,ȡǣ0x3ef,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
дļPIDǣ584,·ǣC:\WINDOWS\system32\arp.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x104,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3d9,(λ)0x0,ȡǣ0xd7,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3db,(λ)0x0,ȡǣ0xd5,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3dd,(λ)0x0,ȡǣ0xd3,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ628,·ǣarp -d Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x104,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ628,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41f,(λ)0x0,ȡǣ0x91,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc9,(λ)0x0,ȡǣ0x3e7,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x439,(λ)0x0,ȡǣ0x77,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xe3,(λ)0x0,ȡǣ0x3cd,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x10b,(λ)0x0,ȡǣ0x3a5,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.BAT,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31170,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.CMD,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32170,(λ)0x0,ȡǣ0xc90,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBE,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JSE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSF,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSH,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0xc8,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ӽ,PIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ720,·ǣarp -s  00-07-e9-0a-14-28 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x200,ɹ־ǣɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
̣߳PIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,TIDΪ648,ʼַǣ0x765e964d,ַǣ0x176df0,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x110,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\zh-cn\wshext.dll.mui,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x124,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ֵעPIDǣ720,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ӽ,PIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,PIDΪ896,·ǣ"C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\cmd.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ӽ,PIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,PIDΪ936,·ǣ"C:\WINDOWS\1.bat"  Ľ,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣ\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x454,(λ)0x0,ȡǣ0x5c,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1020,·ǣipconfig /all  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x35f8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2A14.tmp,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ɾļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txtļ,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x464,(λ)0x0,ȡǣ0x4c,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x4b0,ɹ־ǣɹ
̣߳PIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,TIDΪ1068,ʼַǣ0x77dc848a,ַǣ0x0,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\netshell.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ɾļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txtļ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\tapi32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xb,(λ)0x0,ȡǣ0x4a5,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x475,(λ)0x0,ȡǣ0x3b,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41,(λ)0x0,ȡǣ0x46f,ɹ־ǣɹ
ɾļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txtļ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x485,(λ)0x0,ȡǣ0x2b,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x8b,(λ)0x0,ȡǣ0x425,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc1,(λ)0x0,ȡǣ0x3ef,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x497,(λ)0x0,ȡǣ0x19,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
дļPIDǣ1020,·ǣC:\WINDOWS\system32\ipconfig.exe,д·ǣC:\Documents and Settings\Administrator\\ר\ipconfig.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x369,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE8D6.tmp,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ɾļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txtļ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ɾļPIDǣ280,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE8D6.tmpļ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ1644,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x4a8,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1344,·ǣarp -d Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x128,(λ)0x0,ȡǣ0x388,ɹ־ǣɹ
ļPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1344,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc9,(λ)0x0,ȡǣ0x3e7,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x14e,(λ)0x0,ȡǣ0x362,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xe3,(λ)0x0,ȡǣ0x3cd,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ɾļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txtļ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x10b,(λ)0x0,ȡǣ0x3a5,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.BAT,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.CMD,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBE,ɹ־ɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1240,·ǣfind "Physical Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JSE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSF,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSH,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ֵעPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\1.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\System\1.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.*,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
дļPIDǣ1240,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x181,(λ)0x0,ȡǣ0x32f,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1228,·ǣipconfig /all  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x1b,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1c0,(λ)0x0,ȡǣ0x2f0,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
̣߳PIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,TIDΪ772,ʼַǣ0x77dc848a,ַǣ0x0,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\netshell.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\tapi32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1d9,(λ)0x0,ȡǣ0x2d7,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1fd,(λ)0x0,ȡǣ0x2b3,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
дļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
дļPIDǣ1228,·ǣC:\WINDOWS\system32\ipconfig.exe,д·ǣC:\Documents and Settings\Administrator\\ר\ipconfig.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x369,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1296,·ǣfind "IP Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ1296,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x229,(λ)0x0,ȡǣ0x287,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x1b,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x128,(λ)0x0,ȡǣ0x388,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x266,(λ)0x0,ȡǣ0x24a,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31160,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32160,(λ)0x0,ȡǣ0xca0,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0xc8,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ɾļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txtļ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x110,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļαλǣ(λ)0x124,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x288,(λ)0x0,ȡǣ0x228,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x14e,(λ)0x0,ȡǣ0x362,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,PIDΪ1408,·ǣ"C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\msctfime.ime,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF52F4.tmp,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\Registration\R000000000007.clb,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\Registration\R000000000007.clb,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5638,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\scrrun.dll,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1416,·ǣarp -s   Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xf8,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0xfc,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1356,·ǣfind "Physical Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x1f0,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x218,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x240,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1416,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x29b,(λ)0x0,ȡǣ0x215,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202f0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ1356,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x18,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2b2,(λ)0x0,ȡǣ0x1fe,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x202e2,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x181,(λ)0x0,ȡǣ0x32f,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2d6,(λ)0x0,ȡǣ0x1da,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5b,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x200f0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20100,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1c0,(λ)0x0,ȡǣ0x2f0,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\scrrun.dll,ļαλǣ(λ)0x20220,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1d9,(λ)0x0,ȡǣ0x2d7,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\zh-cn\wshom.ocx.mui,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPaddr.txt,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ɾļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txtļ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31170,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1288,·ǣfind "Default Gateway" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1fd,(λ)0x0,ȡǣ0x2b3,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32170,(λ)0x0,ȡǣ0xc90,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ֵעPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x200,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
̣߳PIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,TIDΪ1396,ʼַǣ0x765e964d,ַǣ0x176df0,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\zh-cn\wshext.dll.mui,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
дļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
дļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
дļPIDǣ1288,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x14,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\cmd.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ӽ,PIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,PIDΪ1464,·ǣ"C:\WINDOWS\1.bat"  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ1464,·ǣ\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x35f8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x307,(λ)0x0,ȡǣ0x1a9,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1460,·ǣfind "IP Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x57,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x348,(λ)0x0,ȡǣ0x168,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x4b0,ɹ־ǣɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\shdocvw.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
дļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x362,(λ)0x0,ȡǣ0x14e,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\1.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\1.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
дļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xb,(λ)0x0,ȡǣ0x4a5,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\System\1.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
дļPIDǣ1460,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x12,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\urlmon.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣProxyBypass,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣIntranetName,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap,ǣUNCAsIntranet,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCache,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,ǣCookies,ԭǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ǣREG_SZ,ֵǣC:\Documents and Settings\Administrator\Cookies,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x229,(λ)0x0,ȡǣ0x287,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41,(λ)0x0,ȡǣ0x46f,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\MS-DOS.com,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\MS-DOS.com,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\MS-DOS.com,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x55,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x8b,(λ)0x0,ȡǣ0x425,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\MS-DOS.com,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\MS-DOS.com,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x266,(λ)0x0,ȡǣ0x24a,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc1,(λ)0x0,ȡǣ0x3ef,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ296,·ǣping 192.168.0.254 -n 1 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ296,·ǣ\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x288,(λ)0x0,ȡǣ0x228,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ȡļ·ǣC:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x33d6,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\MS-DOS.com,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
写文件,进程PID是:288,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,写入路径是:L:\MS-DOS.com,文件游标位置是:(低位)0x0,(高位)0x0,写入长度是:0x10000,成功标志是:成功
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\MS-DOS.com,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\MS-DOS.com,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\MS-DOS.com,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ296,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x37b,(λ)0x0,ȡǣ0x135,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1504,·ǣarp -d Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\MS-DOS.com,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x395,(λ)0x0,ȡǣ0x11b,ɹ־ǣɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\MS-DOS.com,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1212,·ǣarp -s 192.168.0.8 00-E0-4C-05-49-11 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\MS-DOS.com,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\MS-DOS.com,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ֵעPIDǣ1504,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\MS-DOS.com,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3bb,(λ)0x0,ȡǣ0xf5,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc9,(λ)0x0,ȡǣ0x3e7,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
ļPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1212,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xe3,(λ)0x0,ȡǣ0x3cd,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x29b,(λ)0x0,ȡǣ0x215,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\MS-DOS.com,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ɾļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txtļ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
设置值注册表,进程PID是:560,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,注册表路径是:\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,键名是:,原类型是:REG_SZ,值是:VBSFile,新类型是:REG_SZ,值是:VBSFile,成功标志是:成功
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
设置值注册表,进程PID是:560,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,注册表路径是:\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,键名是:SCRNSAVE.EXE,原类型是:REG_SZ,值是:C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,新类型是:REG_SZ,值是:C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,成功标志是:成功
设置值注册表,进程PID是:560,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,注册表路径是:\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,键名是:ScreenSaveTimeOut,原类型是:REG_SZ,值是:30,新类型是:REG_SZ,值是:30,成功标志是:成功
设置值注册表,进程PID是:560,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,注册表路径是:\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,键名是:,原类型是:REG_SZ,值是:C:\WINDOWS\Fonts\Fonts.exe,新类型是:REG_SZ,值是:C:\WINDOWS\pchealth\Global.exe,成功标志是:成功
设置值注册表,进程PID是:560,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,注册表路径是:\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,键名是:,原类型是:REG_SZ,值是:C:\WINDOWS\pchealth\Global.exe,新类型是:REG_SZ,值是:C:\WINDOWS\pchealth\Global.exe,成功标志是:成功
设置值注册表,进程PID是:560,进程路径是:C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,注册表路径是:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,键名是:Debugger,原类型是:REG_SZ,值是:C:\WINDOWS\Fonts\Fonts.exe,新类型是:REG_SZ,值是:C:\WINDOWS\Fonts\Fonts.exe,成功标志是:成功
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2b2,(λ)0x0,ȡǣ0x1fe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\MS-DOS.com,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\MS-DOS.com,ļαλǣ(λ)0x10000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x10b,(λ)0x0,ȡǣ0x3a5,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\MS-DOS.com,ļαλǣ(λ)0x20000,(λ)0x0,д볤ǣ0x10000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\MS-DOS.com,ļαλǣ(λ)0x30000,(λ)0x0,д볤ǣ0x7000,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ɾļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txtļ,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1688,·ǣarp -a 192.168.0.254  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2d6,(λ)0x0,ȡǣ0x1da,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.COM,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.BAT,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.CMD,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBS,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBE,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JS,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JSE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSF,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSH,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
дļPIDǣ1688,·ǣC:\WINDOWS\system32\arp.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x16,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31160,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32160,(λ)0x0,ȡǣ0xca0,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3d9,(λ)0x0,ȡǣ0xd7,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\rsaenh.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x150,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3db,(λ)0x0,ȡǣ0xd5,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ1464,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1728,·ǣipconfig /all  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x3154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1760,·ǣfind "Default Gateway" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x4154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x5154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3dd,(λ)0x0,ȡǣ0xd3,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x6154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x7154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x8154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x9154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x16,ɹ־ǣɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xa154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
̣߳PIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,TIDΪ1804,ʼַǣ0x77dc848a,ַǣ0x0,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\netshell.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xb154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
дļPIDǣ1760,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xc154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41f,(λ)0x0,ȡǣ0x91,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\tapi32.dll,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xd154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xe154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1728,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0xf154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x307,(λ)0x0,ȡǣ0x1a9,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x10154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x11154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x439,(λ)0x0,ȡǣ0x77,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x12154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x13154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
дļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x1b,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x14154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x15154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ֵעPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,ǣValueName,ԭǣREG_SZ,ֵǣShowSuperHidden,ǣREG_SZ,ֵǣShowSuperHiden,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x16154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x348,(λ)0x0,ȡǣ0x168,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x17154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x18154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2A14.tmp,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x19154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ɾļPIDǣ896,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF2A14.tmpļ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x362,(λ)0x0,ȡǣ0x14e,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x1f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x20154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x21154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ӽ,PIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1788,·ǣarp -s 192.168.0.254  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x22154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x23154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x24154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x25154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x26154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x27154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1788,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x28154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x29154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1864,·ǣping 192.168.0.254 -n 1 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2a154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1864,·ǣ\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x454,(λ)0x0,ȡǣ0x5c,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2b154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ȡļ·ǣC:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x33d6,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2c154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2d154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2e154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ɾļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txtļ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x2f154,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x30154,(λ)0x0,ȡǣ0xf7c,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1864,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x464,(λ)0x0,ȡǣ0x4c,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x31170,(λ)0x0,ȡǣ0x1000,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\rsaenh.dll,ļαλǣ(λ)0x32170,(λ)0x0,ȡǣ0xc90,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x37b,(λ)0x0,ȡǣ0x135,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ɾļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txtļ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x200,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
̣߳PIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,TIDΪ1828,ʼַǣ0x765e964d,ַǣ0x176ed8,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\zh-cn\wshext.dll.mui,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x475,(λ)0x0,ȡǣ0x3b,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x395,(λ)0x0,ȡǣ0x11b,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ɾļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txtļ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3bb,(λ)0x0,ȡǣ0xf5,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\cmd.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ӽ,PIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,PIDΪ1868,·ǣ"C:\WINDOWS\1.bat"  Ľ,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\VB and VBA Program Settings\trial version\trial,ǣdate1,ԭǣREG_SZ,ֵǣ2009-9-23,ǣREG_SZ,ֵǣ2009-9-23,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x485,(λ)0x0,ȡǣ0x2b,ɹ־ǣɹ
ļPIDǣ1868,·ǣ\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x35f8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.pif,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.dll,ɹ־ɹ
ɾļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txtļ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x497,(λ)0x0,ȡǣ0x19,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.com,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x4b0,ɹ־ǣɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ɾļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txtļ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\chimes.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xb,(λ)0x0,ȡǣ0x4a5,ɹ־ǣɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ924,·ǣarp -a   Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ384,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x4a8,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\chord.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\ding.wav,ɹ־ɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\flourish.mid,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41,(λ)0x0,ȡǣ0x46f,ɹ־ǣɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\notify.wav,ɹ־ɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\onestop.mid,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
дļPIDǣ924,·ǣC:\WINDOWS\system32\arp.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x104,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x8b,(λ)0x0,ȡǣ0x425,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\recycle.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\ringout.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3d9,(λ)0x0,ȡǣ0xd7,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\rndll32.pif,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc1,(λ)0x0,ȡǣ0x3ef,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\start.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\tada.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3db,(λ)0x0,ȡǣ0xd5,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\town.mid,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ϣ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ػ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3dd,(λ)0x0,ȡǣ0xd3,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ؼֹ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x104,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ʼ.wav,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1576,·ǣarp -d Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41f,(λ)0x0,ȡǣ0x91,ɹ־ǣɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֹ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ̾.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ӡ.wav,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x439,(λ)0x0,ȡǣ0x77,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP С.wav,ɹ־ɹ
ֵעPIDǣ1576,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xc9,(λ)0x0,ȡǣ0x3e7,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ע.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ز.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0xe3,(λ)0x0,ȡǣ0x3cd,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP صضȱ.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP 绰.wav,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x10b,(λ)0x0,ȡǣ0x3a5,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ¼.wav,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳɾ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ӳ.wav,ɹ־ɹ
ӽ,PIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1016,·ǣarp -s  00-07-e9-0a-14-28 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.BAT,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ˵.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.CMD,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.VBE,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ԭ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.JSE,ɹ־ɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSF,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.WSH,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP ֪ͨ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.*,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.COM,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.EXE,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP .wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1016,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\Media\Windows XP Ĭֵ.wav,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x454,(λ)0x0,ȡǣ0x5c,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ipconfig.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ1956,·ǣipconfig /all  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x464,(λ)0x0,ȡǣ0x4c,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ɾļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txtļ,ɹ־ǣɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
̣߳PIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,TIDΪ1948,ʼַǣ0x77dc848a,ַǣ0x0,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ǣREG_SZ,ֵǣ5f31090b-d990-4e91-b16d-46121d0255aa,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\netshell.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x475,(λ)0x0,ȡǣ0x3b,ɹ־ǣɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\tapi32.dll,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\system32\wininet.dll,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣLogSessionName,ԭǣREG_EXPAND_SZ,ֵǣstdout,ǣREG_EXPAND_SZ,ֵǣstdout,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣActive,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil,ǣControlFlags,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣGuid,ԭǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ǣREG_SZ,ֵǣ8aefce96-4618-42ff-a057-3536aa78233e,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier,ǣBitNames,ԭǣREG_SZ,ֵǣ Error Unusual Info Debug,ǣREG_SZ,ֵǣ Error Unusual Info Debug,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x485,(λ)0x0,ȡǣ0x2b,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x9,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x9,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0xb,(λ)0x0,д볤ǣ0xf,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1a,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x497,(λ)0x0,ȡǣ0x19,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x1c,(λ)0x0,д볤ǣ0x17,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x33,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x35,(λ)0x0,д볤ǣ0x1d,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x52,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x54,(λ)0x0,д볤ǣ0x20,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ936,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x4a8,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,д·ǣC:\WINDOWS\system32\dllcache\autorun.inf,ļαλǣ(λ)0x74,(λ)0x0,д볤ǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣEventMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\Cursors\Boom.vbs,ɹ־ɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryMessageFile,ԭǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ǣREG_EXPAND_SZ,ֵǣC:\WINDOWS\system32\ESENT.dll,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣCategoryCount,ԭǣREG_DWORD,ֵǣ0x10,ǣREG_DWORD,ֵǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT,ǣTypesSupported,ԭǣREG_DWORD,ֵǣ0x7,ǣREG_DWORD,ֵǣ0x7,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden,ǣValueName,ԭǣREG_SZ,ֵǣShowSuperHiden,ǣREG_SZ,ֵǣShowSuperHiden,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF52F4.tmp,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ɾļPIDǣ1408,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\Documents and Settings\Administrator\Local Settings\Temp\~DF52F4.tmpļ,ɹ־ǣɹ
дļPIDǣ1956,·ǣC:\WINDOWS\system32\ipconfig.exe,д·ǣC:\Documents and Settings\Administrator\\ר\ipconfig.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x369,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x128,(λ)0x0,ȡǣ0x388,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x14e,(λ)0x0,ȡǣ0x362,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ2008,·ǣfind "Physical Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
дļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
дļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
дļPIDǣ2008,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x18,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x181,(λ)0x0,ȡǣ0x32f,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\phyaddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x5b,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1c0,(λ)0x0,ȡǣ0x2f0,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1d9,(λ)0x0,ȡǣ0x2d7,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x1fd,(λ)0x0,ȡǣ0x2b3,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ852,·ǣfind "IP Address" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
дļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
дļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
дļPIDǣ852,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x12,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x229,(λ)0x0,ȡǣ0x287,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\IPAddr.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x55,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x266,(λ)0x0,ȡǣ0x24a,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x288,(λ)0x0,ȡǣ0x228,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ356,·ǣarp -s 192.168.0.8 00-E0-4C-05-49-11 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ356,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x29b,(λ)0x0,ȡǣ0x215,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2b2,(λ)0x0,ȡǣ0x1fe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x2d6,(λ)0x0,ȡǣ0x1da,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\find,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\find.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ304,·ǣfind "Default Gateway" ipconfig.txt  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
дļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x1b,ɹ־ǣɹ
дļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x1b,(λ)0x0,д볤ǣ0x28,ɹ־ǣɹ
дļPIDǣ304,·ǣC:\WINDOWS\system32\find.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x43,(λ)0x0,д볤ǣ0x14,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x307,(λ)0x0,ȡǣ0x1a9,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateIP.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x57,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x348,(λ)0x0,ȡǣ0x168,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x362,(λ)0x0,ȡǣ0x14e,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ping,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\ping.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ368,·ǣping 192.168.0.254 -n 1 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ368,·ǣ\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ɹ־ɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ȡļ·ǣC:\WINDOWS\Prefetch\PING.EXE-31216D26.pf,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x33d6,ɹ־ǣɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·\DEVICE\HARDDISKVOLUME1,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ368,·ǣC:\WINDOWS\system32\ping.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x37b,(λ)0x0,ȡǣ0x135,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x395,(λ)0x0,ȡǣ0x11b,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3bb,(λ)0x0,ȡǣ0xf5,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ452,·ǣarp -a 192.168.0.254  Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
дļPIDǣ452,·ǣC:\WINDOWS\system32\arp.exe,д·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x90,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3d9,(λ)0x0,ȡǣ0xd7,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3db,(λ)0x0,ȡǣ0xd5,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x3dd,(λ)0x0,ȡǣ0xd3,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\Documents and Settings\Administrator\\ר\GateMac.txt,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x90,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x41f,(λ)0x0,ȡǣ0x91,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x439,(λ)0x0,ȡǣ0x77,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp.*,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\arp,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.*,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.COM,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.EXE,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\WINDOWS\system32\arp.exe,ɹ־ɹ
ӽ,PIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,PIDΪ456,·ǣarp -s 192.168.0.254 00-07-e9-0a-14-28 Ľ,״̬Ϊ,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\Documents and Settings\Administrator\\ר,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\sysmain.sdb,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\AppPatch\AcGenral.dll,ɹ־ɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\shell32.dll,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\WindowsShell.Manifest,ɹ־ɹ
ļPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ļ·C:\WINDOWS\system32\comctl32.dll,ɹ־ɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG,ǣSeed,ԭǣREG_BINARY,ֵǶ,ǣREG_BINARY,ֵǶ,ɹ־ǣɹ
ֵעPIDǣ456,·ǣC:\WINDOWS\system32\arp.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters,ǣTrapPollTimeMilliSecs,ԭǣREG_DWORD,ֵǣ0x3a98,ǣREG_DWORD,ֵǣ0x3a98,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x454,(λ)0x0,ȡǣ0x5c,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txt,ɹ־ɹ
ɾļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateIP.txtļ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x464,(λ)0x0,ȡǣ0x4c,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txt,ɹ־ɹ
ɾļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\GateMac.txtļ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x475,(λ)0x0,ȡǣ0x3b,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txt,ɹ־ɹ
ɾļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\IPAddr.txtļ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x485,(λ)0x0,ȡǣ0x2b,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txt,ɹ־ɹ
ɾļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\ipconfig.txtļ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x497,(λ)0x0,ȡǣ0x19,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,Ŀļ·\??\C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txt,ɹ־ɹ
ɾļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\Documents and Settings\Administrator\\ר\phyaddr.txtļ,ɹ־ǣɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ļ·C:\WINDOWS\1.bat,ɹ־ɹ
ļPIDǣ1868,·ǣC:\WINDOWS\system32\cmd.exe,ȡļ·ǣC:\WINDOWS\1.bat,ļαλǣ(λ)0x4a8,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ǣShowSuperHidden,ԭǣREG_DWORD,ֵǣ0x0,ǣREG_DWORD,ֵǣ0x0,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
写文件，PID是：288,路径是：C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,写入路径是：C:\autorun.inf,文件游标位置是：(低位)0x0,(高位)0x0,写入长度是：0x76,成功标志是：成功
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
写文件，PID是：288,路径是：C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,写入路径是：L:\autorun.inf,文件游标位置是：(低位)0x0,(高位)0x0,写入长度是：0x76,成功标志是：成功
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
写文件，PID是：288,路径是：C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,写入路径是：M:\autorun.inf,文件游标位置是：(低位)0x0,(高位)0x0,写入长度是：0x76,成功标志是：成功
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
写文件，PID是：288,路径是：C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,写入路径是：N:\autorun.inf,文件游标位置是：(低位)0x0,(高位)0x0,写入长度是：0x76,成功标志是：成功
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣC:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·L:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣL:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·M:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣM:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\autorun.inf,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·N:\autorun.inf,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
дļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,д·ǣN:\autorun.inf,ļαλǣ(λ)0x0,(λ)0x0,д볤ǣ0x76,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,Ŀļ·\??\C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ288,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\Global.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Shutdown\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣParameters,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0,ǣScript,ԭǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ǣREG_SZ,ֵǣC:\WINDOWS\Cursors\Boom.vbs,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\exefile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ560,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\comfile,ǣNeverShowExt,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ļ·C:\WINDOWS\system32\wshom.ocx,ɹ־ɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x0,(λ)0x0,ȡǣ0x40,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf0,(λ)0x0,ȡǣ0x4,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0xf4,(λ)0x0,ȡǣ0x14,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x1e8,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x210,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x238,(λ)0x0,ȡǣ0x28,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16000,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16010,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16560,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16018,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16550,(λ)0x0,ȡǣ0x2,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16552,(λ)0x0,ȡǣ0xe,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16048,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16058,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16158,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x16168,(λ)0x0,ȡǣ0x8,ɹ־ǣɹ
ļPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ȡļ·ǣC:\WINDOWS\system32\wshom.ocx,ļαλǣ(λ)0x163c0,(λ)0x0,ȡǣ0x10,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\.VBS,ǣ,ԭǣREG_SZ,ֵǣVBSFile,ǣREG_SZ,ֵǣVBSFile,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣSCRNSAVE.EXE,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣScreenSaveTimeOut,ԭǣREG_SZ,ֵǣ30,ǣREG_SZ,ֵǣ30,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\MSCFile\Shell\Open\Command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Classes\regfile\shell\open\command,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\Global.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\tskmgr.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\drivers\drivers.cab.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ǣREG_SZ,ֵǣC:\WINDOWS\Media\rndll32.pif,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe,ǣDebugger,ԭǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ǣREG_SZ,ֵǣC:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Microsoft\Windows\CurrentVersion\RunOnce,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system32\dllcache\Default.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ǣ,ԭǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ǣREG_SZ,ֵǣC:\WINDOWS\system\KEYBOARD.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run,ǣsys,ԭǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ǣREG_SZ,ֵǣC:\WINDOWS\Fonts\Fonts.exe,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system,ǣDisableStatusMessages,ԭǣREG_DWORD,ֵǣ0x1,ǣREG_DWORD,ֵǣ0x1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Control Panel\Desktop,ǣAutoEndTasks,ԭǣREG_SZ,ֵǣ1,ǣREG_SZ,ֵǣ1,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣDisplayName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣFileSysPath,ԭǣREG_SZ,ֵǣ,ǣREG_SZ,ֵǣ,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPO-ID,ԭǣREG_SZ,ֵǣLocalGPO,ǣREG_SZ,ֵǣLocalGPO,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣGPOName,ԭǣREG_SZ,ֵǣLocal Group Policy,ǣREG_SZ,ֵǣLocal Group Policy,ɹ־ǣɹ
ֵעPIDǣ1884,·ǣC:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe,ע·ǣ\REGISTRY\USER\S-1-5-21-343818398-1214440339-1417001333-500\Software\Policies\Microsoft\Windows\System\Scripts\Logoff\0,ǣSOM-ID,ԭǣREG_SZ,ֵǣLocal,ǣREG_SZ,ֵǣLocal,ɹ־ǣɹ
